10666670

Managing Security Breaches in a Networked Computing Environment

Published: May 26, 2020
Assignee: not available in USPTO data we have
Technical Abstract

Patent Claims
14 claims

Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.

Claim 1

Original Legal Text

1. A method of managing security breaches in a networked computing environment, comprising: receiving, by at least one computer device, a communication; determining, by the at least one computer device, whether the communication is associated with a valid user or a malicious user; and in response to determining that the communication is associated with the malicious user, routing the malicious user to an element of a decoy system in the networked computing environment which comprises the decoy system and a production system, wherein: the decoy system is separate from the production system and comprises elements corresponding to elements of the production system; the routing comprises permitting the malicious user to access at least one element of the production system in one or more first layers; the networked computing environment comprises layers, and further comprising determining one of the layers at which a breach occurred; and the routing further comprises routing the malicious user to at least one element of the decoy system in one or more second layers downstream of the determined one of the layers.

Plain English Translation

The invention relates to network security, specifically managing security breaches in a networked computing environment. The problem addressed is the detection and containment of malicious users attempting to infiltrate a network. The solution involves a method that distinguishes between valid and malicious communications, then routes malicious users to a decoy system while allowing limited access to the production system. The method begins by receiving a communication and determining whether it is from a valid or malicious user. If the communication is identified as malicious, the user is routed to a decoy system, which is separate from but mimics the production system. The decoy system includes elements that correspond to those in the production system, creating a realistic but controlled environment for malicious users. The networked environment is structured in layers, and the method identifies the layer where a breach occurred. Malicious users are initially allowed limited access to production system elements in one or more initial layers. However, downstream of the breach layer, the malicious user is redirected to decoy system elements. This approach helps contain the breach while gathering intelligence on the attacker's behavior. The decoy system provides a safe environment to monitor and analyze malicious activities without exposing critical production assets.

Claim 2

Original Legal Text

2. The method of claim 1, wherein the decoy system stores fake data that is different from real data stored in the production system, and further comprising maintaining the production system intact for servicing valid users after detecting the breach.

Plain English Translation

A method for cybersecurity involves deploying a decoy system alongside a production system to detect and mitigate unauthorized access. The decoy system contains fake data that is distinct from the real data stored in the production system, designed to lure and identify attackers. When a breach is detected, the decoy system traps the attacker while the production system remains operational, ensuring that legitimate users continue to receive uninterrupted service. This approach enhances security by isolating threats without disrupting normal operations, allowing for real-time monitoring and response to malicious activities. The decoy system acts as a decoy to deceive attackers, while the production system maintains its integrity and functionality for authorized users. This method improves threat detection and response efficiency by separating malicious traffic from legitimate user activity.

Claim 3

Original Legal Text

3. The method of claim 1, wherein a service provider at least one of creates, maintains, deploys and supports the at least one computer device.

Plain English Translation

A system and method for managing computer devices involves a service provider that creates, maintains, deploys, or supports at least one computer device. The computer device is configured to receive a request for a service, process the request, and generate a response. The service provider ensures the computer device operates efficiently by handling tasks such as setup, updates, troubleshooting, and ongoing maintenance. This approach reduces the burden on end-users by centralizing device management, improving reliability, and ensuring consistent performance. The service provider may also deploy additional computer devices as needed, scaling resources dynamically to meet demand. The system supports various services, including data processing, application hosting, and network management, enabling seamless integration with existing infrastructure. By offloading device management to the service provider, organizations can focus on core business functions while maintaining high availability and security. The method ensures that computer devices remain operational, secure, and up-to-date, minimizing downtime and enhancing user experience.

Claim 4

Original Legal Text

4. The method of claim 1, wherein the receiving the communication, the determining, and the routing are provided by a service provider on a subscription, advertising, and/or fee basis.

Plain English Translation

This invention relates to a communication routing system that dynamically determines the optimal routing path for a communication based on real-time conditions and user preferences. The system receives a communication request, analyzes factors such as network congestion, user location, and service quality to determine the best routing path, and then routes the communication accordingly. The routing decision may consider multiple network paths, including wired, wireless, and hybrid networks, to ensure efficient and reliable transmission. The system may also prioritize routing based on user preferences, such as cost, speed, or security. Additionally, the system can be operated by a service provider on a subscription, advertising, or fee-based model. This means users or businesses can access the routing service through a paid subscription, by viewing advertisements, or by paying per use. The service provider may offer different tiers of service, with varying levels of features and performance, depending on the payment model. The system is designed to be scalable, allowing it to handle large volumes of communications across diverse networks while maintaining high reliability and low latency. The invention aims to improve communication efficiency, reduce costs, and enhance user experience by intelligently routing communications based on real-time data and user needs.

Claim 5

Original Legal Text

5. The method of claim 1, wherein the receiving the communication, the determining, and the routing are provided by software as a service in a cloud environment.

Plain English Translation

This invention relates to a cloud-based software-as-a-service (SaaS) system for processing and routing communications. The system receives a communication, such as a message or data transmission, and analyzes its content to determine routing or processing requirements. Based on this analysis, the system automatically routes the communication to an appropriate destination or processing module. The routing logic may consider factors such as content type, sender information, or predefined rules. The entire process—receiving, analyzing, and routing—is executed within a cloud environment, leveraging scalable cloud infrastructure to handle varying workloads efficiently. The system may also integrate with other cloud-based services or databases to enhance functionality. This approach eliminates the need for on-premises hardware or manual intervention, improving scalability, reliability, and cost-effectiveness. The invention is particularly useful in enterprise environments where automated communication handling is critical, such as customer support, internal messaging, or data processing workflows. The cloud-based deployment ensures high availability and seamless updates without disrupting operations.

Claim 6

Original Legal Text

6. The method of claim 2, wherein the malicious user is denied access beyond the determined one of the layers.

Plain English Translation

A system and method for network security involves detecting and mitigating unauthorized access attempts by malicious users. The technology operates within a multi-layered network architecture, where each layer represents a different level of access or system functionality. The method identifies a malicious user attempting to access restricted layers beyond their authorized level. Upon detection, the system enforces access control measures to prevent the user from proceeding further into the network. This includes blocking the user at the determined layer where unauthorized access was detected, ensuring that only legitimate users can navigate through the layers as intended. The system may employ authentication mechanisms, behavioral analysis, or anomaly detection to identify malicious activity. By restricting access at the detected layer, the method prevents lateral movement and limits the potential damage caused by unauthorized users. The approach enhances security by dynamically adapting to threats and enforcing strict access boundaries.

Claim 7

Original Legal Text

7. The method of claim 1, wherein the determining whether the communication is associated with the valid user or the malicious user comprises comparing data associated with the communication to a list of identified malicious users and a list of valid users.

Plain English Translation

This invention relates to cybersecurity, specifically methods for distinguishing between valid and malicious users in communication systems. The problem addressed is the difficulty in accurately identifying and blocking malicious users while allowing legitimate users to access services without disruption. The method involves analyzing communication data to determine whether it originates from a valid user or a malicious user. This determination is made by comparing the communication data against two separate lists: one containing known malicious users and another containing known valid users. The comparison process helps classify the communication as either legitimate or malicious based on predefined criteria. If the communication data matches entries in the malicious user list, the system flags it as malicious. Conversely, if it matches entries in the valid user list, the communication is deemed legitimate. This approach enhances security by leveraging pre-existing user databases to improve detection accuracy and reduce false positives. The method can be applied in various communication systems, including network security, authentication systems, and fraud detection, to ensure only authorized users gain access while blocking malicious actors.

Claim 8

Original Legal Text

8. A system for managing security breaches, comprising: a networked computing environment comprising: a first layer; a production application server and a decoy application server in a second layer; a third layer; and a production database and a decoy database in a fourth layer, wherein: the decoy application server corresponds to and is separate from the production application server, and the decoy database corresponds to and is separate from the production database, the system is configured to route a malicious user associated with a breach to the production application server and the decoy database based on a detected layer of the breach being one of the second layer and the third layer, the decoy database stores fake data that is different from real data stored in the production database, and the system is configured to route the malicious user associated with the breach to the decoy application server and the decoy database based on the detected layer of the breach being the first layer, and route a valid user to the production application server and the production database.

Plain English Translation

The system manages security breaches in a networked computing environment by isolating malicious users from real data. The environment includes multiple layers: a first layer, a second layer with production and decoy application servers, a third layer, and a fourth layer with production and decoy databases. The decoy application server and decoy database contain fake data, distinct from the real data in the production systems. When a breach is detected in the second or third layer, the system routes the malicious user to the production application server but directs database access to the decoy database, protecting real data. If the breach originates in the first layer, the system routes the malicious user entirely to the decoy application server and decoy database, further isolating them from production systems. Valid users are always routed to the production application server and production database. This layered approach ensures that attackers are diverted to decoy systems while legitimate users access real data, enhancing security without disrupting normal operations.

Claim 9

Original Legal Text

9. The system of claim 8, wherein the malicious user and the valid user access the networked computing environment via respective client devices communicating with an external security device.

Plain English Translation

A system for enhancing network security in a shared computing environment addresses the challenge of distinguishing between malicious and valid users accessing shared resources. The system includes a networked computing environment where multiple users interact with shared resources, such as applications or data. A security module within the environment monitors user activities to detect anomalies or suspicious behavior indicative of malicious intent. The system differentiates between malicious users and valid users by analyzing their interactions with the shared resources, applying predefined security policies, and enforcing access controls. When a malicious user is identified, the system restricts their access to sensitive resources while allowing valid users to continue operating normally. The system also includes a logging mechanism to record user activities for auditing and forensic analysis. In this configuration, both malicious and valid users access the networked computing environment through their respective client devices, which communicate with an external security device. This external device may perform additional security checks, such as authentication, encryption, or traffic monitoring, to further protect the networked environment from unauthorized access or attacks. The system ensures that only authorized users can access sensitive resources while maintaining the integrity and availability of the shared computing environment.

Claim 10

Original Legal Text

10. The system of claim 8, further comprising a breach tool configured to determine a layer at which the breach occurred.

Plain English Translation

A system for cybersecurity breach detection and analysis includes a monitoring module that identifies unauthorized access or data exfiltration events within a network. The system also features a breach tool that determines the specific layer of the network infrastructure where the breach occurred. This layer identification helps pinpoint whether the breach happened at the application layer, network layer, or another level, enabling targeted remediation. The system may also include a response module that initiates countermeasures based on the breach location and severity, such as isolating affected systems or deploying patches. Additionally, the system may log breach details for forensic analysis, including timestamps, affected data, and breach vectors. The breach tool may use pattern recognition, anomaly detection, or rule-based analysis to identify the breach layer. The system is designed to enhance incident response efficiency by providing precise breach localization, reducing detection time, and minimizing damage.
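The breach tool of claim 10 is only described functionally. The following is an added example (not the patent's own code or from Patentable) of a rule-based breach tool: it reads log lines from the four tiers named in claims 8 and 13 (external security device, application server, internal security device, database) and reports the shallowest tier whose logs show an indicator for a given session, which is the layer the routing in claim 1 treats as "the determined one of the layers". The log format, source names, indicator patterns and session identifiers are all constructed for this example.

```python
"""Breach tool (added example): determine the layer at which a breach occurred.

Four tiers as in claims 8 and 13: external security device (1), application
server (2), internal security device (3), database (4).  Log format, source
names, indicator regexes and the sample sessions below are constructed.
"""
import re
from dataclasses import dataclass
from typing import Iterable, Optional

# Constructed mapping of log source names to the tiers named in the claims.
LAYER_OF_SOURCE = {
    "ext-fw": 1,    # external security device
    "app-srv": 2,   # application server
    "int-fw": 3,    # internal security device
    "db": 4,        # database
}

# Constructed rule-based indicators, applied to the message part of a line
# coming from the tier in question.
INDICATORS = {
    1: re.compile(r"port-scan|blocked-ip|geo-deny"),
    2: re.compile(r"sqli|path-traversal|auth-bruteforce"),
    3: re.compile(r"lateral|unexpected-egress"),
    4: re.compile(r"bulk-select|schema-dump"),
}

# Constructed line format: "<source> session=<id> <free-text message>"
LOG_LINE = re.compile(r"^(?P<source>[\w-]+) session=(?P<session>\S+) (?P<message>.*)$")


@dataclass(frozen=True)
class Event:
    source: str
    session: str
    message: str


def parse_line(line: str) -> Optional[Event]:
    """Parse one log line; return None for lines that do not fit the format."""
    m = LOG_LINE.match(line.strip())
    if not m:
        return None
    return Event(m["source"], m["session"], m["message"])


def detect_breach_layer(lines: Iterable[str], session: str) -> Optional[int]:
    """Return the shallowest tier whose logs show an indicator for `session`,
    or None if no indicator fired.  The shallowest tier is chosen because the
    routing in claim 1 sends the user to decoys in every tier downstream of it,
    so choosing the first compromised tier protects all deeper ones."""
    hits = []
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev.session != session:
            continue
        layer = LAYER_OF_SOURCE.get(ev.source)
        if layer is None:          # source not in any tier: ignore
            continue
        if INDICATORS[layer].search(ev.message):
            hits.append(layer)
    return min(hits) if hits else None


# Constructed sample log: one line per tier per session.
SAMPLE_LOG = [
    "ext-fw session=s1 blocked-ip src=203.0.113.9",        # breach visible at tier 1
    "ext-fw session=s2 allow src=192.0.2.10",
    "app-srv session=s2 sqli detected on /search",          # first indicator at tier 2
    "ext-fw session=s3 allow src=192.0.2.11",
    "app-srv session=s3 GET /report 200",
    "int-fw session=s3 lateral attempt toward 10.0.0.0/8",  # first indicator at tier 3
    "db session=s3 bulk-select rows=50000",                 # deeper hit, not the answer
    "ext-fw session=s4 allow src=192.0.2.12",
    "app-srv session=s4 GET /home 200",
    "db session=s4 select rows=12",                         # clean session
    "syslog-relay session=s4 heartbeat",                    # unknown source: ignored
    "malformed line without the expected fields",           # unparsable: ignored
]

if __name__ == "__main__":
    for sid in ("s1", "s2", "s3", "s4"):
        print(sid, detect_breach_layer(SAMPLE_LOG, sid))
```

Session s3 shows why the minimum is taken: indicators fire at both the internal security device and the database, but routing decoys downstream of tier 3 already covers the database, so tier 3 is the breach layer reported.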

Claim 11

Original Legal Text

11. The system of claim 10, wherein the system is further configured to route the malicious user to the decoy application server and the decoy database based on the breach tool determining the breach occurred at the first layer.

Plain English Translation

This invention relates to cybersecurity systems designed to detect and mitigate breaches in multi-layered network architectures. The system identifies malicious users attempting to exploit vulnerabilities in a network and redirects them to decoy servers and databases to deceive and analyze their activities. The core system includes a breach detection tool that monitors network traffic for suspicious behavior, such as unauthorized access attempts or data exfiltration. When a breach is detected at the first layer of the network, the system dynamically routes the malicious user to a decoy application server and a decoy database. These decoy components mimic legitimate systems to gather intelligence on the attacker's methods, tools, and objectives without exposing real assets. The decoy environment may include fake data, delayed responses, or honeypot traps to further deceive and delay the attacker. The system may also log and analyze the attacker's actions to improve future threat detection and response strategies. This approach enhances security by isolating threats and providing valuable insights into attacker behavior while minimizing damage to actual network resources.

Claim 12

Original Legal Text

12. The system of claim 10, wherein the system is further configured to route the malicious user to the production application server and the decoy database based on the breach tool determining the breach occurred at one of the second layer and the third layer.

Plain English Translation

A cybersecurity system detects and mitigates attacks by analyzing network traffic for malicious activity. The system includes a breach tool that identifies breaches at different layers of the tiered environment described in claims 8 and 13, such as the second layer (the application-server tier) or the third layer (the internal security device). When a breach is detected at one of those layers, the system routes the malicious user to the production application server but to a decoy database. The decoy database contains fake data to deceive attackers, while the production application server operates normally to avoid disrupting legitimate users. The breach tool monitors traffic patterns, such as unusual access attempts or protocol violations, to determine the breach location. By isolating attackers and feeding them false information, the system prevents unauthorized access to sensitive data while maintaining operational continuity. The system may also log attack details for forensic analysis and threat intelligence. This approach enhances security by combining deception technology with real-time breach detection and response.

Claim 13

Original Legal Text

13. A computer program product for managing security breaches, the computer program product comprising a computer readable storage device having program instructions embodied therewith, the program instructions being executable by a computer device to cause the computer device to: determine, by the computer device, an identification of a malicious user and a detected layer of a breach of a production system of a networked computing environment; and route, by the computer device, the malicious user to an element of a decoy system of the networked computing environment based on the identification of the malicious user, wherein: the decoy system is separate from the production system and comprises elements corresponding to elements of the production system, the networked computing environment comprises: an external security device in a first layer; a production application server and a decoy application server in a second layer; an internal security device in a third layer; and a production database and a decoy database in a fourth layer, the malicious user is routed to the production application server and the decoy database based on the detected layer of the breach being one of the second layer and the third layer, and the malicious user is routed to the decoy application server and the decoy database based on the detected layer of the breach being the first layer.

Plain English Translation

This invention relates to a computer program for managing security breaches in a networked computing environment. The system detects malicious users and the layer of a breach in a production system, then routes the malicious user to a decoy system to deceive and monitor the attacker. The decoy system mirrors elements of the production system but is separate from it. The networked environment includes multiple layers: an external security device in the first layer, production and decoy application servers in the second layer, an internal security device in the third layer, and production and decoy databases in the fourth layer. If the breach is detected in the second or third layer, the malicious user is routed to the production application server and the decoy database. If the breach is detected in the first layer, the user is routed to the decoy application server and the decoy database. This approach isolates the attacker from critical production systems while allowing monitoring and analysis of their activities. The decoy system provides a controlled environment to study attack patterns and improve security measures.
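Claims 1, 7, 8, 11, 12 and 13 together describe one decision pipeline: classify the communication against a malicious-user list and a valid-user list (claim 7), then, for a malicious user, keep production elements in the tiers up to and including the detected breach layer and substitute decoy elements downstream (claim 1). The block below is an added example (not the patent's own code or from Patentable) that implements that general rule over the four tiers of claim 13 and shows that the specific routings of claims 8, 11 and 12 fall out of it. The list contents, user identifiers, IP ranges and element names are constructed; the fail-closed precedence of the malicious list over the valid list and the handling of users on neither list are assumptions the claims do not specify.

```python
"""Classification and decoy routing (added example, constructed data).

classify()    - claim 7: compare communication data with two lists.
plan_route()  - claim 1 general rule: production up to and including the breach
                layer, decoy elements downstream; claims 8/11/12/13 are cases.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed lists.  A deployment would load these from threat intel and IAM.
MALICIOUS_USERS = {"ids": {"mallory"}, "networks": [ip_network("198.51.100.0/24")]}
VALID_USERS = {"ids": {"alice", "bob"}, "networks": [ip_network("192.0.2.0/24")]}

# Tiers from claim 13: (production element, decoy element or None).
# The security devices in tiers 1 and 3 have no decoy counterpart in the claims.
TIERS = {
    1: ("external-security-device", None),
    2: ("production-app-server", "decoy-app-server"),
    3: ("internal-security-device", None),
    4: ("production-database", "decoy-database"),
}


@dataclass(frozen=True)
class Communication:
    user_id: str
    source_ip: str


def _matches(comm: Communication, entry: dict) -> bool:
    """True if the user id or the source address is on the given list."""
    if comm.user_id in entry["ids"]:
        return True
    addr = ip_address(comm.source_ip)
    return any(addr in net for net in entry["networks"])


def classify(comm: Communication) -> str:
    """Return 'malicious', 'valid' or 'unknown'.

    Assumption (not in the claims): a malicious-list hit outranks a valid-list
    hit, so a known-bad identity arriving from a trusted range still fails
    closed.  'unknown' covers data on neither list; the claims leave that
    outcome to deployment policy, so it is reported rather than routed."""
    if _matches(comm, MALICIOUS_USERS):
        return "malicious"
    if _matches(comm, VALID_USERS):
        return "valid"
    return "unknown"


def plan_route(classification: str, breach_layer: int = None) -> dict:
    """Map each tier to the element the session is routed to.

    Valid users reach production in every tier.  For a malicious user, tiers
    up to and including the breach layer keep production elements (claim 1:
    access permitted in the first layers) and every tier downstream with a
    decoy counterpart gets the decoy."""
    if classification == "valid":
        return {layer: prod for layer, (prod, _) in TIERS.items()}
    if classification != "malicious":
        raise ValueError("only 'valid' or 'malicious' sessions are routed; "
                         "'unknown' is a policy decision for the deployment")
    if breach_layer not in TIERS:
        raise ValueError(f"breach layer must be one of {sorted(TIERS)}, got {breach_layer!r}")
    plan = {}
    for layer, (prod, decoy) in TIERS.items():
        downstream = layer > breach_layer
        plan[layer] = decoy if (downstream and decoy is not None) else prod
    return plan


if __name__ == "__main__":
    for comm, layer in [
        (Communication("alice", "192.0.2.5"), None),       # valid -> all production
        (Communication("mallory", "192.0.2.5"), 1),        # claim 11: decoy app + decoy db
        (Communication("carol", "198.51.100.7"), 2),       # claim 12: prod app + decoy db
        (Communication("carol", "198.51.100.7"), 3),       # claim 12: prod app + decoy db
    ]:
        cls = classify(comm)
        print(comm.user_id, cls, plan_route(cls, layer))
    print(classify(Communication("eve", "203.0.113.1")))   # unknown: not routed here
```

Running the general rule for a breach at tier 1 yields decoy application server and decoy database (claim 11), and for a breach at tier 2 or 3 yields production application server with decoy database (claim 12), which is exactly the split claims 8 and 13 enumerate; the rule also makes explicit that a breach first detected at the database tier has no downstream tier left to decoy.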

Claim 14

Original Legal Text

14. The computer program product of claim 13, wherein the decoy system stores fake data that is different from real data stored in the production system.

Plain English Translation

This invention relates to cybersecurity, specifically to systems that use decoy or honeypot techniques to detect and mitigate unauthorized access attempts. The problem addressed is the need to distinguish between legitimate and malicious activities in a network by deploying decoy systems that mimic real production systems but contain fake data. The decoy system is designed to store data that is intentionally different from the real data in the production system, making it easier to identify attackers who interact with the decoy rather than the actual system. This approach helps in detecting intrusions early, as attackers targeting the decoy system reveal their presence without compromising real data. The decoy system may include various components such as fake databases, files, or network services that appear authentic but are isolated from the production environment. By analyzing interactions with the decoy system, security personnel can gather intelligence on attack methods and improve defenses. The invention enhances cybersecurity by providing a controlled environment to observe and study malicious behavior without risking real assets.

Patent Metadata

Filing Date

Unknown

Publication Date

May 26, 2020

Inventors

Gregory J. Boss
Rick A. Hamilton II
Jeffrey R. Hoy
Agueda M.H. Magro

Citation & reuse

Analysis on this page is generated by Patentable — an AI-powered patent intelligence platform. AI-generated summaries, explanations, FAQs, and analysis may be reused with attribution and a visible link back to the canonical URL below. Patent abstracts and claims are USPTO public domain.

Cite as: Patentable. “MANAGING SECURITY BREACHES IN A NETWORKED COMPUTING ENVIRONMENT” (10666670). https://patentable.app/patents/10666670

© 2026 Nomic Interactive Technology LLC. Machine-readable context available at /api/llm-context/10666670. See llms.txt for full attribution policy.